NI Response to Apache Log4j Vulnerability

Overview

A critical remote code execution vulnerability in Apache Log4j (a logging tool used in many Java applications) was disclosed on December 9, 2021. This vulnerability is described in CVE-2021-44228This advisory also covers CVE-2021-45046 and CVE-2021-4104.
 

Similar to industry users of Apache Log4j, NI has investigated to determine which products are affected by this. Maintaining the safety and security of all NI products and customer information remains our top priority. If more information on these vulnerabilities becomes available, we will conduct further investigation and report on affected products, mitigations, and/or patches on this advisory.

Contents

Affected Products

NI has completed investigation on the impact of these vulnerabilities on our products. If more information on these vulnerabilities becomes evident, we will conduct further investigation and release updates to the Affected Products table at that time.

If you are using NI products other than those explicitly listed below, no further action is required by you at this time.

ProductMitigation
NI-STAR 700 (using APC PowerChute)Apply mitigations or update to APC PowerChute Business Edition v10.0.5 or newer
OptimalPlus (Limited to deployments running Vertica, Cloudera, or Logstash)Contact Technical Support

CVSS Score

CVE-2021-44228 – 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Further Information

At NI, we view the security of our products as an important part of our commitment to our customers.  Go to ni.com/security to stay informed and act upon security alerts and issues.

Was this information helpful?

Yes

No